Lucene search
+L

132 matches found

Tenable Nessus
Tenable Nessus
added 2005/04/12 12:0 a.m.137 views

Comersus Cart comersus_searchItem.asp curPage Parameter XSS

The version of Comersus Cart installed on the remote host fails to properly sanitize user input to the 'curPage' parameter of the 'comersussearchItem.asp' script. An attacker can exploit this vulnerability to cause arbitrary HTML and script code to be executed in a user's browser within the conte...

4.3CVSS5.9AI score0.0362EPSS
Exploits1References2
Exploit DB
Exploit DB
added 2005/04/12 12:0 a.m.29 views

Comersus Cart 4.0/5.0 - 'Comersus_Search_Item.asp' Cross-Site Scripting

source: https://www.securityfocus.com/bid/13125/info Comersus Cart is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly validate user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2005/04/08 4:0 a.m.22 views

CVE-2005-1010

Cross-site scripting XSS vulnerability in Comersus Cart 6 allows remote attackers to inject arbitrary web script or HTML via the account username...

5.7AI score0.01177EPSS
Exploits0References4
CVE
CVE
added 2005/04/08 4:0 a.m.50 views

CVE-2005-1010

The CVE-2005-1010 vulnerability is a Cross-Site Scripting (XSS) flaw in Comersus Cart 6 that allows remote attackers to inject arbitrary HTML/JS via the Account Username field. Root cause: improper sanitization of user input in the Username field (as detailed in Nessus/NGD references). Impact: us...

4.3CVSS5.7AI score0.01177EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2005/04/06 12:0 a.m.15 views

Comersus Cart Detection

Binary data 2797.prm...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/04/06 12:0 a.m.18 views

Comersus Cart Username Field HTML Injection

Binary data 2796.prm...

4.3CVSS7.3AI score0.0362EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2005/04/06 12:0 a.m.29 views

Comersus Cart Account Username Field XSS

According to its banner, the remote host is running a version of Comersus Cart that fails to properly sanitize user input to the 'Username' field. An attacker can exploit this vulnerability to cause arbitrary HTML and script code to be executed by a user's browser in the context of the affected...

4.3CVSS5.7AI score0.01177EPSS
Exploits0References1
CVE
CVE
added 2005/02/20 5:0 a.m.60 views

CVE-2004-1656

CRLF injection in Comersus Shopping Cart 5.0991 allows remote attackers to perform HTTP Response Splitting via the redirecturl parameter, enabling modification of server HTML content. Root cause is CRLF handling in the redirecturl flow; vulnerable component is the redirecturl parameter processing...

5CVSS7.1AI score0.0228EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2005/02/20 5:0 a.m.22 views

CVE-2004-1656

CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the redirecturl parameter...

6.8AI score0.0228EPSS
Exploits1References3
securityvulns
securityvulns
added 2005/01/27 12:0 a.m.42 views

[SA13964] Comersus Cart Multiple Vulnerabilities

TITLE: Comersus Cart Multiple Vulnerabilities SECUNIA ADVISORY ID: SA13964 VERIFY ADVISORY: http://secunia.com/advisories/13964/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data WHERE: From remote SOFTWARE: Comersus Cart 6.x...

1.4AI score
Exploits0
exploitpack
exploitpack
added 2005/01/25 12:0 a.m.16 views

Comersus Cart 5.06.0 - Multiple Vulnerabilities

Comersus Cart 5.06.0 - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/12362/info Comersus Cart is reportedly affected by multiple vulnerabilities. There is a possiblity of gaining administrator access due to a failure of the application to remove an installation script after...

0.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/01/25 12:0 a.m.15 views

Comersus Default Install Script Admin Access

Binary data 2554.prm...

7.3AI score
Exploits0
Exploit DB
Exploit DB
added 2005/01/25 12:0 a.m.26 views

Comersus Cart 5.0/6.0 - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/12362/info Comersus Cart is reportedly affected by multiple vulnerabilities. There is a possiblity of gaining administrator access due to a failure of the application to remove an installation script after install. There is the possiblity of SQL injection...

7AI score
Exploits0
securityvulns
securityvulns
added 2005/01/22 12:0 a.m.57 views

bug report comersus Back Office Lite 6.0 and 6.0.1

Software: Comersus ASP Shopping Cart Version: 6.0 Free version containing BackOffice Lite 6.0 and 6.01 Vendor: Comersus 1. Software Description -------------------- Comersus ASP shopping cart is a set of ASP scripts creating an online shoppingcart. It works on a database of your own choosing,...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2004/09/02 12:0 a.m.25 views

ADVISORY: http response splitting hole in Comersus shopping cart

ADVISORY Author: Maestro me! Date: 01-SEP-04 Vendor: Comersus www.comersus.com Product: Comersus Shopping Cart 5.0991 Problem: Http response splitting web cache poisoning, xss, yadayadayada - http://www.packetstormsecurity.org/papers/general/whitepaperhttpresponse.pdf Exploit:...

7.1AI score
Exploits0
NVD
NVD
added 2004/09/01 4:0 a.m.19 views

CVE-2004-1656

CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the redirecturl parameter...

5CVSS6.8AI score0.0228EPSS
Exploits1References3
exploitpack
exploitpack
added 2004/09/01 12:0 a.m.16 views

Comersus Cart 5.0 - HTTP Response Splitting

Comersus Cart 5.0 - HTTP Response Splitting source: https://www.securityfocus.com/bid/11083/info Comersus Cart is reported prone to a HTTP response splitting vulnerability. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached or...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2004/09/01 12:0 a.m.39 views

Comersus Cart 5.0 - HTTP Response Splitting

source: https://www.securityfocus.com/bid/11083/info Comersus Cart is reported prone to a HTTP response splitting vulnerability. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached or interpreted. This could aid in various attacks, which...

7.4AI score
Exploits0
NVD
NVD
added 2004/08/06 4:0 a.m.19 views

CVE-2004-0681

Multiple cross-site scripting XSS vulnerabilities in 1 comersuscustomerAuthenticateForm.asp, 2 comersusbackofficemessage.asp, 3 comersussupportError.asp, or 4 comersusmessage.asp in Comersus Cart 5.09 allow remote attackers to execute web script as other users via the message parameter...

6.8CVSS5.9AI score0.02043EPSS
Exploits1References3
NVD
NVD
added 2004/08/06 4:0 a.m.14 views

CVE-2004-0682

comersusgatewayPayPal.asp in Comersus Cart 5.09, and possibly other versions before 5.098, allows remote attackers to change the prices of items by directly modifying them in the URL...

7.5CVSS6.7AI score0.06851EPSS
Exploits1References3
Rows per page
Query Builder